Sincetraveling around the UK lecturing on the General Data Protection Regulations and how they’re affecting dentists and dental patient records when they came into force on 25
In this dental bulletin we will look at the current legal guidelines before GDPR and attempt to clear up any confusion regarding the retention and value of dental patient records.
Records created by NHS authorities, including NHS dentists, fall within the scope of the Public Records Act 1958 and the Freedom of Information Act 2000. These impose a statutory duty of care directly on individuals who have direct responsibility for such records.
Gdpr, Patient Medical Record Retention And The Right To Erasure
In January 2009 the Department of Health published a document entitled “Records Management, NHS Code of Practice, Part 2”. This document stated that NHS records can in certain circumstances be kept up to a maximum of 30 years. It also set out the minimum retention periods for which the various records created within the NHS should be retained. Under Appendix D1 it stated that community (i.e. non hospital) dental records should be retained for a minimum of 11 years for adults and for children 11 years or up to their 25
However in July 2016 that guidance was withdrawn by the Information Governance Alliance on behalf of the Department of Health. The current rules relating to the retention of patients’ notes is in fact set out in the Records Management Code of Practice for Health and Social Care 2016.
These guidelines state that records should be created, controlled and processed in accordance with the purpose for which the data was originally obtained, i.e. for the purpose of providing dental treatment or care. Records should be retained “in line with NHS recommended Retention Schedule”. This states that general Dental Services records should be retained for a minimum period of 10 years from the date of discharge of the patient from the practice or when the patient was last seen. There is no 30 year recommendation. At the 10 year point, there should be an appraisal to determine whether the records should be retained for a further period or deleted.
Understanding Medical Data Retention
Practices should have an internal policy regarding the appraisal, retention or destruction of dental patient records. No records should be automatically destroyed. However, a practice should consider the purpose for retaining the records; examples of this could be an ongoing legal case or that they are the subject of research. It isn’t appropriate to adopt a blanket “err on the side of caution” approach and retain all dental records indefinitely.
Indeed Article 5 of the GDPR sets out the guiding principles relating to the processing of personal data (including medical records). Article 5(e) specifically states that data shall be:
– kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
Gdpr What Are The Statutory Retention Periods For Hr
GDPR is a cultural shift in the way in which personal data is retained and processed. This will extend to medical records, which should only be retained for the amount of time that is absolutely necessary. It is therefore difficult to see in what circumstance a dentist would be able to justify retaining records beyond the ten year period where no contact has been had with the patient in that time and there is nothing unusual about the patient’s clinical care.
The Information Governance Alliance on behalf of the Department of Health has stated that once the minimum period of ten years has expired from the patient’s last visit to the practice has expired “in most cases it will be appropriate to destroy records immediately”
If a dentist is aware of an ongoing legal case relating to the patient notes, then this would be a clear and compelling justification for retaining the records outside of the ten year minimum period, and the value of patient dental records during legal proceedings could potentially be huge.
Records Management Code Of Practice
Generally patients have 3 years from the date that they first became aware that they had suffered an injury to bring a claim for compensation against a dentist. There are limited circumstances in which this can be extended. However, bear in mind that patients who suffer from a “disability” resulting in an “unsound mind” have no such limitations. Dentists are therefore advised to retain dental patient records in these circumstances beyond the ten year minimum. The reason should be recorded in the practice appraisal.
Be forthcoming cannot be justified. GDPR requires the practice to weigh up the legitimate interests of the practice against the individual’s right to privacy in a more nuanced and considered way.
The Department of Health and GDC is alarmingly quiet regarding the retention of “private” patient records, ie. those that fall outside the NHS. Where private treatment is given within an NHS practice the NHS Code of Practice applies. A common sense approach should be taken to the retention of private patient’s records, and we would advise following the NHS guidance as best practice.
How Long Do Nhs Records Have To Be Kept For?
The value of patient dental records is not to be overlooked, and it is important that dentists take care of their paper and digital records. Paper records can be destroyed by incineration, pulping or shredding (using a cross cut shredder) under confidential conditions. Under no circumstances should domestic waste or rubbish tips be used for disposal. Keep a record of the method of destruction as well as the appraisal decisions. Companies providing this service should provide you with a certificate of destruction.
For digitally held dental records it is important to note that records that are “archived” are not considered to be deleted for the purposes of data protection laws. However, the ICO has indicated that under the Data Protection Act if information can be deleted from a live environment and is not readily accessible, then this will suffice for destruction of data under the Data Protection Act. It seems unlikely that this guidance will change under GDPR.
The ICO will be satisfied that information has been ‘put beyond use’, if not actually deleted, provided that the data controller holding it:
How Long Should I Keep Documents For?
Practices should speak to their software providers to determine what processes they have in place to securely delete files from their systems.
Failure to process, retain and dispose of data in an appropriate method will be a breach of the Data Protection Act 2018 when it comes into force, as the value of patient dental records and patient personal data, especially in the wake of GDPR, is huge. The ICO have considerable enforcement powers, and can impose significant fines for breaches (up to 4% of the annual turnover).
Please note that the information contained in this article was correct at the time of writing. There may have been updates to the law since the article was written which may affect the information and advice given therein.This guidance has been reviewed by the Health and Care Information Governance Panel, including the Information Commissioner’s Office (ICO) and National Data Guardian (NDG).
Childminder Confidentiality And Data Retention Policy
The Records Management Code of Practice 2021 provides guidance on how to keep records, including how long to keep different types of records. It replaces previous versions.
Records come in different shapes and sizes. For example, a record may be a letter on paper, an email, a photograph, an X-ray, a text message, or even a plaster mould.
To help ensure that these records are all managed consistently across England, we publish a Records Management Code of Practice. This provides important information to those responsible for managing records. It includes guidance on topics such as what the law says about managing records, how to file and store records and how long records should be kept for.
Pdf) Role Of Medical Records Management Practice In Improving Decision Making In University Hospital
Different records are kept for different lengths of time. Most records are destroyed after a certain period of time. Generally most health and care records are kept for eight years after your last treatment. GP records are kept for much longer. However this is being reviewed to ensure they are not kept for longer than necessary once you have left your GP practice (for example if you moved abroad or died). Some records are considered valuable in the longer term, for example for research. They can also enable the public to understand how an organisation worked in years to come. This includes records such as patient surveys.
You have a right to obtain a copy of your personal data. This is commonly referred to as subject access. You can obtain a copy of your personal data by making a Subject Access Request.
Everyone within a health and care organisation is responsible for managing records appropriately. It is therefore important that you understand how records should be managed - how records are created, maintained and disposed of appropriately.
Pdf) Investigation Of Retention And Destruction Process Of Medical Records In The Hospitals And Codifying Appropriate Guidelines
The Records Management Code of Practice provides a framework for consistent and effective records
0 comments:
Post a Comment